CVE-2020-7071

MEDIUM

Description

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.

References

https://bugs.php.net/bug.php?id=77423

https://security.netapp.com/advisory/ntap-20210312-0005/

https://www.debian.org/security/2021/dsa-4856

Details

Source: MITRE

Published: 2021-02-15

Updated: 2021-03-27

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
147033EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2021-1566)NessusHuawei Local Security Checks
medium
146613Debian DSA-4856-1 : php7.3 - security updateNessusDebian Local Security Checks
medium
145742EulerOS 2.0 SP8 : php (EulerOS-SA-2021-1163)NessusHuawei Local Security Checks
medium
145395openSUSE Security Update : php7 (openSUSE-2021-106)NessusSuSE Local Security Checks
medium
145336openSUSE Security Update : php7 (openSUSE-2021-101)NessusSuSE Local Security Checks
medium
112679PHP 7.3.x < 7.3.26 Input Validation ErrorWeb Application ScanningComponent Vulnerability
medium
112678PHP 7.4.x < 7.4.14 Input Validation ErrorWeb Application ScanningComponent Vulnerability
medium
112677PHP 8.x < 8.0.1 Input Validation ErrorWeb Application ScanningComponent Vulnerability
medium
145141Fedora 32 : php (2021-ca0e53d310)NessusFedora Local Security Checks
medium
145031SUSE SLES12 Security Update : php72 (SUSE-SU-2021:0125-1)NessusSuSE Local Security Checks
medium
145030SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2021:0124-1)NessusSuSE Local Security Checks
medium
145019SUSE SLES12 Security Update : php74 (SUSE-SU-2021:0126-1)NessusSuSE Local Security Checks
medium
144955Fedora 33 : php (2021-8dac5c39f3)NessusFedora Local Security Checks
medium
144947PHP 7.3.x < 7.3.26 / 7.4.x < 7.4.14 / 8.x < 8.0.1 Input Validation ErrorNessusCGI abuses
medium